As the data controller ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ, all personal data processed within our company are protected within the scope of the relevant national and international legislation provisions, especially the Personal Data Protection Law No. 6698. Our company takes technical and administrative measures in a timely manner to ensure the necessary protection, and in case of any suspicion of violation, it makes the necessary notifications to the relevant individuals, institutions and organizations within the framework of legal provisions as soon as possible.
Within the scope of this clarification text, it is useful to know the meanings of the following concepts.
Explicit consent, within the scope of Directive 95/46 EC, should be understood as a statement of approval given by the data subject freely, with sufficient information on the subject, in a clear manner that leaves no room for hesitation, and limited only to that transaction, to the processing of data about him/her.
Anonymization of personal data means making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.
Data recording system refers to the recording system in which personal data is structured and processed according to certain criteria. The systems in question can be physical or digital. Data can be processed according to more than one criterion within the system in question. For example, data can be recorded and processed based on a registration system based on name and surname, Turkish Republic of Northern Cyprus or place of birth.
Data controller is the person responsible for the processing, transfer, deletion of direct data and other obligations under the law within the scope of Law No. 6698. They are those who determine the purposes and means of processing personal data and are responsible for establishing and managing the data recording system. These persons may be natural persons or legal entities such as public institutions, companies, associations or foundations. Within the scope of this information text, it refers to ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ .
Data processors are real and legal persons who process data on behalf of the data controller. These persons may be employees who process personal data within the framework of the instructions given to them, or they may be a separate natural or legal person determined by the data controller by purchasing services. Any natural or legal person can be both a data controller and a data processor at the same time. For example, while an accounting company is considered a data controller for the data it holds about its own personnel, it will be considered a data processor for the data it holds for its customer companies.
Related person,It refers to the real person whose personal data is processed, that is, CANDIDATE EMPLOYEE within the scope of this agreement.
Destruction refers to the deletion, destruction or anonymization of personal data.
A. PURPOSES OF PROCESSING OF PERSONAL DATA
As the relevant person, your personal data is processed for the following purposes within the scope of Articles 5 and 6 of Law No. 6698;
• Carrying out internal human resources processes.
• To ensure the employment of relevant people in suitable positions after recruitment.
• Ensuring internal communication within the company.
• Ensuring the safety of the company, its employees and third parties,
• Conducting statistical studies and making risk assessments.
• To ensure in-house event management.
• To ensure demand and complaint management.
• To transmit to the Authority the necessary information and documents to fulfill the obligations imposed on us in accordance with Law No. 6698.
• To ensure that legal obligations are fulfilled as required or required by legal regulations.
• To provide proof of material and legal facts as evidence in possible disputes that may arise in the future.
• To protect the legal rights of the company or third parties in case legal conditions are met
. • To determine possible employment positions by asking for professional qualification and vehicle usage certificates.
• To exchange necessary information and documents with official institutions and organizations, especially İş Kur, regarding recruitment processes.
• Ensuring workplace physical space security.
• Ensuring workplace network and digital environment security.
• To ensure that the requested information and documents are shared with the judicial authorities in line with the requests of the judicial authorities.
The data obtained and processed within the scope of the above purposes and this clarification will be kept by taking the necessary administrative and technical measures for the legal periods and will be destroyed at the end of the periods.
The information and documents to be received during the candidacy process are as follows: Name Surname, TR Identity Number, Age, Gender, Address, Phone, Education Information, Health Information, Driving License and Driver Certificate information and documents, Previous Workplace Information, Reference Information,
LEGAL REASONS THAT REQUIRE STORAGE AND PROCESSING Data
obtained by our company It is obtained, processed, stored and destroyed for the specified periods, based on the following legislative provisions. The legal regulations in question are as follows;
• Personal Data Protection Law No. 6698,
• Turkish Code of Obligations No. 6098,
• Social Insurance and General Health Insurance Law No. 5510,
• Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed through These Publications,
• Law No. 6331 on Occupational Health and Safety,
• Law No. 4982 on Access to Information,
• Petition No. 3071 Law on the Exercise of Rights,
• Labor Law No. 4857.
These law articles are also important in terms of obtaining explicit consent. Personal Data Protection Law No. 6698 5/2.a. According to this clause, personal data may be processed without the explicit consent of the relevant person, if it is clearly provided for by law. Within the scope of the 1st sentence of paragraph 6/3 of the same law, personal data of a special nature, other than data regarding health and sexual life, can be processed without requiring explicit consent if it is stipulated by law.
C. METHODS OF COLLECTION OF PERSONAL DATA
Your personal data consists of information and documents received within the scope of your dialogues and communication with our company. Reference letters sent to us and preliminary agreements and contracts concluded, job application forms and trial period employment contracts, suggestion/complaint forms, information, documents and application forms obtained through online communication channels, especially e-mail environments, security cameras, letters and warnings are mainly used. are data collection sources. These data are obtained and processed in accordance with our data policy and Board decisions, taking into account the conditions within the scope of Articles 5 and 6 of the Personal Data Protection Law (KVKK) and the principles included in Article 4. In all these processes, it is aimed to prevent unnecessary data acquisition by taking into account the principles of proportionality and proportionality.
D. TRANSFER OF PERSONAL DATA
As the Data Controller ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC.LTD.ŞTİ, taking into account the principles stated in Article 4
of Law No. 6698 ,
It is necessary to protect the life or physical integrity of oneself or another person,
• It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract,
• It is mandatory for the data controller to fulfill its legal obligation, It is done by the data subject himself. being made public,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned,
• KVKK is required for the protection of public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and their financing. Transfers can be made to third parties and institutions, provided that the conditions stated in Articles 8 and 9 and the measures determined by the Board are taken. The data in question is the relevant personnel of our company, company managers, the domestic servers we use, persons and organizations that process data on behalf of the data controller and provide measurement, targeting and profiling support, lawyers, audit companies, business and solution partners, suppliers, judicial authorities, regulators. and can be shared with supervisory institutions and official authorities.
Name, surname and telephone data from the processed data can be shared with overseas servers and data centers used by communication, storage and communication programs that transfer data online.
Although the country where data is transferred varies in terms of foreign servers and data centers used by communication, storage and communication programs that transfer data online, the headquarters of Google and Microsoft Based Online applications is the United States, and Yandex's headquarters is Russia. Again, in terms of WhatsApp application, the center in question is the United States, while in terms of Telegram, it is Russia.
E. STORAGE AND DESTRUCTION POLICY OF PERSONAL DATA
Although it has been processed in accordance with the provisions of this Law and other relevant laws, personal data will be deleted, destroyed or anonymized by us ex officio or upon the request of the relevant person, in case the reasons requiring processing are eliminated. In accordance with paragraph 7/2 of Law No. 6698, it has been accepted that the relevant articles of law will be taken as basis in determining storage periods and destruction dates, without prejudice to the provisions written in other laws. For this reason, legal retention periods and statute of limitations must be taken into account when determining the destruction period of each data to be destroyed.
Although our KVKK destruction policy in detail is explained under the title KVKK Destruction Policy at https:// www.alminprofil.com.tr/ KVKK-1.html , your Personal Data will be kept for a maximum of 6 (six) months. During the first destruction period after the end of the storage period, the data is deleted, anonymized or destroyed by personnel dedicated exclusively to this task on behalf of the data controller, based on the Personal Data Protection Law and KVKK destruction regulations. These destruction processes are recorded and the minutes are kept for 3 years.
F. RIGHTS OF THE INTERESTED PERSON
Your rights as the relevant person whose data is processed are written as follows in Article 11 of Law No. 6698;
• You can find out whether we process personal data about you, and if we do or have processed personal data, you can request information about it.
• You can learn the purpose of processing your personal data and whether they are used for their intended purpose.
• You can find out whether your personal data is transferred domestically or abroad and to whom it is transferred.
• You may request that your inaccurate or incomplete personal data be corrected and that the recipients to whom this data has been or may have been transferred be informed.
• You can request that your personal data be destroyed (deleted, destroyed or anonymized) within the framework of the conditions stipulated in Article 7 of the KVKK. However, by evaluating your destruction request, we will evaluate which method is appropriate according to the circumstances of the concrete case. In this context, you can always request information from us about why we chose the destruction method we chose.
• You may request that third parties to whom your personal data has been or may be transferred be informed about your destruction request.
• You can object to the results of your personal data analysis, which were created exclusively using an automated system, if these results are contrary to your interests.
• If you suffer damage due to unlawful processing of your personal data, you can request compensation for the damage.
As the data controller, we are obliged to process and evaluate the applications made by the relevant person in accordance with Law No. 6698. Your requests in your Personal Data Breach Application will be finalized free of charge within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, the fee specified in the Communiqué on the Procedures and Principles of Application to the Data Controller may be charged by the Personal Data Protection Board.
If an application is made and the application is rejected by the company, you have the right to apply to the Personal Data Protection Board within thirty days from the date you receive the rejection decision. If no notification is made to you, as the Data Controller, within 30 days, an application can be made to the Board within 30 days from the date of thirty days. In order to avoid confusion regarding application periods, it is useful to look at the Decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/9 on the Calculation of the Application to the Data Controller and Complaint Periods to the Board, the decision in question is as follows;
• If the data controller responds to the application made by the relevant person within 30 days, the relevant person can file a complaint within 30 days following the response of the data controller, and in this respect, in such cases, the relevant person does not have 60 days from the date of application to the data controller,
• The application made by the relevant person In case the data controller does not provide a response, the relevant person may file a complaint with the Board within 60 days from the date of application to the data controller,
• If the data controller responds to the application made by the relevant person after the 30-day period granted in the Law, the relevant person may file a complaint within the 30-day period granted to the data controller in the Law. Considering that the relevant person is not obliged to wait for the response to be given and that he can complain to the Board upon the expiry of the period given to the data controller, the relevant person can make a complaint to the Board within 60 days from the date of application to the data controller, not 30 days from the date the data controller responds to him,
regarding the processing of your personal data. You can make your application on the matters by filling out the application form on the Company's website or by following methods, provided that you comply with the procedures and principles specified in Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller:
• In writing and signed by a notary or registered mail
• Registered e-mail (KEP) ) by e-mail sent from your address
• By secure electronic signature or mobile signature
• By notification to your e-mail address
• By notification to 0312 267 58 80
• By not losing the registration numbers given to you for the above notifications in terms of file and transaction tracking, and to the notifications made to us. Feedback can be provided by the same method or by registered mail.
In order to make an application, the information of the Data Responsible is as follows:
Title: ALMİN ALÜMİNYUM PROFİL SANAYİ VE TİC. LTD. ŞTİ.
Mersisno: 0-0550-4031-2600017
E-mail address: bilgiislem@alminprofil.com.tr
Postal Address: ASO 1. Org. Singing. Region. Dagestan Cad. No:9 Sincan/ANKARA
Tel: 0312 267 58 80
If it is understood by us that the data of the relevant persons were obtained in violation of the procedures and laws, or if there is a reasonable suspicion in this regard, it will be reported to the board as soon as possible in accordance with Article 12 of the KVKK. The shortest time to understand is 2 72 hours.
G. UPDATE AND COMPATIBILITY
The Company reserves the right to make changes to this Policy and other policies related to this Policy due to changes made in the Law, in accordance with the decisions of the KVK Board or in line with developments in the sector or the field of informatics.
Changes made to this Policy are immediately incorporated into the text and explanations regarding the changes are explained at the end of the Policy.
You can access the complaint form you can make to our company, the complaint form you can make to the KVK Institution, and this clarification text and KVKK Policies from the following link(s); You can reach https:// www.alminprofil.com.tr/ KVKK-1.html .
------------------------Footnotes------------------
1-a) Compliance with law and honesty comply with the rules.
b) Being accurate and up to date when necessary.
c) Processing for specific, clear and legitimate purposes.
ç) Being related to the purpose for which they are processed, limited and proportionate.
d) To be kept for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
2- With the decision of the Personal Data Protection Board dated 24.01.2019 and numbered 2019/10;
Paragraph (5) of Article 12 of the Law states: "In case the processed personal data is obtained by others through illegal means, the data controller shall notify this situation to the person concerned and the Board as soon as possible..." The expression "as soon as possible" in the provision should be interpreted as 72 hours, and in this context, the data controller should notify the Board without delay and within 72 hours at the latest from the date of learning of this situation, and following the determination of the persons affected by the data breach by the data controller, the relevant persons should be notified as soon as possible. Within the period, if the contact address of the relevant person can be reached, notification will be made directly, or if not, notification will be made by appropriate methods such as publishing it on the data controller's own website,